Check For Dangerous IIS Default Files Network Vulnerability

Summary

The file viewcode.asp is a default IIS files which can give a malicious user a lot of unnecessary information about your file system or source files. Specifically, viewcode.asp can allow a remote user to potentially read any file on a webserver hard drive. Example, http://target/pathto/viewcode.asp?source=../../../../../../autoexec.bat

Solution

If you do not need these files, then delete them, otherwise use suitable access control lists to ensure that the files are not world-readable.

Severity

Classification

CVE CVE-1999-0737
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
IIS IDA/IDQ Path Disclosure
bozotic HTTP server Denial of Service Vulnerability
jHTTPd Directory Traversal Vulnerability
Ecava IntegraXor Directory Traversal Vulnerability

Check for dangerous IIS default files

Take action and discover your vulnerabilities